<?php
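class App_Zend_Controller_Action_Adminb extends Zend_Controller_Action
{
	/**
	 * Allowlist gate applied to every $_POST and $_GET value before an action runs.
	 *
	 * A non-empty value must consist solely of ASCII letters, digits and the
	 * characters `_ - . @`; anything else ends the request with a generic
	 * error message.
	 *
	 * Fields that deliberately bypass or relax the check, and therefore reach
	 * their handlers unvalidated (those handlers must parameterise queries and
	 * encode output themselves):
	 *  - order/getitemajax `searchQuery`: checked after `" ' : , \ { }` are
	 *    stripped from a local copy only; $_POST keeps the raw value.
	 *  - pm/doadd `FCKeditor1`: not checked.
	 *  - info/changepass: only `username` is checked.
	 *  - `headimg` (any controller/action): never rejected.
	 *
	 * Not covered here: parameter names (array keys), and any input that does
	 * not arrive through $_POST or $_GET.
	 *
	 * @return void
	 */
	public function init()
	{
		$request = $this->getRequest();
		$c = $request->getParam('controller');
		$a = $request->getParam('action');

		foreach ($_POST as $k => $v) {
			// PHP stores numeric field names as integer keys, and before PHP 8 the
			// integer 0 is loosely equal to any non-numeric string. Comparing with
			// == would let a field named "0" match every exemption below, so the
			// key is normalised to a string and compared strictly.
			$k = (string) $k;

			if ($c === 'pm' && $a === 'doadd' && $k === 'FCKeditor1') {
				continue;
			}

			if ($c === 'info' && $a === 'changepass' && $k !== 'username') {
				continue;
			}

			// headimg was validated and then let through on failure, i.e. it is
			// never rejected; skip it up front.
			if ($k === 'headimg') {
				continue;
			}

			$isSearchQuery = ($c === 'order' && $a === 'getitemajax' && $k === 'searchQuery');

			// Validate every scalar leaf. Imploding the top level only would turn a
			// nested array into the literal string "Array", which passes the
			// allowlist while the real nested values go unchecked.
			foreach ($this->_collectLeaves($v) as $leaf) {
				if ($isSearchQuery) {
					$leaf = str_replace(array('"', '\'', ':', ',', '\\', '{', '}'), '', $leaf);
				}

				if (!$this->_isAllowedValue($leaf)) {
					$this->_rejectInput();
				}
			}
		}

		foreach ($_GET as $v) {
			if (is_array($v)) {
				// preg_match() cannot take an array subject (warning and false
				// before PHP 8, TypeError from PHP 8). Non-empty arrays were
				// rejected as a side effect of that; keep the rejection explicit.
				if (!empty($v)) {
					$this->_rejectInput();
				}
				continue;
			}

			if (!$this->_isAllowedValue((string) $v)) {
				$this->_rejectInput();
			}
		}
	}

	/**
	 * Flattens a request value into the list of its scalar leaves, as strings.
	 *
	 * @param mixed $value A string or an arbitrarily nested array of strings.
	 * @return array List of leaf values; nested keys are discarded.
	 */
	private function _collectLeaves($value)
	{
		if (!is_array($value)) {
			return array((string) $value);
		}

		$leaves = array();
		foreach ($value as $item) {
			foreach ($this->_collectLeaves($item) as $leaf) {
				$leaves[] = $leaf;
			}
		}

		return $leaves;
	}

	/**
	 * Tells whether a single value passes the allowlist.
	 *
	 * The pattern is anchored with \A and \z: a plain `$` also matches just
	 * before a trailing newline, which would let "value\n" through.
	 *
	 * @param string $value
	 * @return bool True for an empty string or an allowlisted value.
	 */
	private function _isAllowedValue($value)
	{
		if ($value === '') {
			return true;
		}

		// === 1 so that a PCRE failure (false) counts as a rejection.
		return preg_match('/\A[A-Za-z0-9_\-.@]+\z/', $value) === 1;
	}

	/**
	 * Emits the generic validation error and stops the request.
	 *
	 * The message is static and never echoes the offending input back.
	 *
	 * @return void
	 */
	private function _rejectInput()
	{
		// CSS corrected from the earlier "tex-align" / full-width colon typos.
		echo '<div style="width: 700px; height: 30px; text-align:center; float: left;">your input has error!</div>';
		exit();
	}
}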